From ab562bf954ca0514765b1f135b63e28e5f8f4434 Mon Sep 17 00:00:00 2001 From: Jacob Kaplan-Moss Date: Sat, 18 Apr 2009 21:04:40 +0000 Subject: [PATCH] Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10591 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/auth/admin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py index dedeb01b473..34691c00cd5 100644 --- a/django/contrib/auth/admin.py +++ b/django/contrib/auth/admin.py @@ -96,7 +96,7 @@ class UserAdmin(admin.ModelAdmin): }, context_instance=template.RequestContext(request)) def user_change_password(self, request, id): - if not request.user.has_perm('auth.change_user'): + if not self.has_change_permission(request): raise PermissionDenied user = get_object_or_404(self.model, pk=id) if request.method == 'POST':